h2(#keepproxy). keepproxy
-The legacy keepproxy config is stored at @/etc/arvados/keepproxy/keepproxy.yml@ and can still be used with the @-config=path/to/legacy/config@ keepproxy command line argument. If migrated to the centralized config at @/etc/arvados/config.yml@, @keepproxy.yml@ should be moved out of the way and/or deleted.
+The legacy keepproxy config is stored at @/etc/arvados/keepproxy/keepproxy.yml@ by default and will continue to take precedence over the cluster config, unless removed. Also, a legacy keepproxy config in a different path can still be used with the @-legacy-keepproxy-config=path/to/legacy/config@ keepproxy command line argument. If the @-legacy-keepproxy-config@ command line argument is provided, this will take precedence over @/etc/arvados/keepproxy/keepproxy.yml@ and the cluster config. If migrating to the centralized config, @keepproxy.yml@ should be moved out of the way and/or deleted and the @-legacy-keepproxy-config@ command line argument should not be used.
Configuration via individual command line arguments is no longer available. The following table maps former keepproxy command line arguments and legacy config values to their equivalent representation in the centralized config, which may need to be set manually.
table(table table-bordered table-condensed).
|*Command Line*|*Legacy keepproxy.yml*|*Centralized config.yml*|
-|-listen|Listen|Services:Keepproxy:InternalURLs|
+|-listen|Listen|Services.Keepproxy.InternalURLs|
|-no-get|DisableGet|N/A|
|-no-put|DisablePut|N/A|
-|-default-replicas|DefaultReplicas|Collections:DefaultReplication|
+|-default-replicas|DefaultReplicas|Collections.DefaultReplication|
|-pid|PIDFile|N/A|
-|N/A|Debug|SystemLogs:LogLevel|
-|-timeout|Timeout|API:KeepServiceRequestTimeout|
+|N/A|Debug|SystemLogs.LogLevel|
+|-timeout|Timeout|API.KeepServiceRequestTimeout|
|-management-token|ManagementToken|ManagementToken|
Note that some options are no longer supported. If you are still using the legacy config at @/etc/arvados/keepproxy/keepproxy.yml@ and @DisableGet@ or @DisablePut@ are set to true or @PIDFile@ has a value, keepproxy will produce an error and fail to start.
h4. Keepproxy configuration migration
-Keepproxy can now be configured using the centralized config at @/etc/arvados/config.yml@. Some configuration options are no longer supported. Please see "keepproxy's config migration guide":{{site.baseurl}}/admin/config-migration.html#keepproxy for more details.
+(feature "#14715":https://dev.arvados.org/issues/14715 ) Keepproxy can now be configured using the centralized config at @/etc/arvados/config.yml@. Some configuration options are no longer supported. Please see "keepproxy's config migration guide":{{site.baseurl}}/admin/config-migration.html#keepproxy for more details.
h4. No longer stripping ':' from strings in serialized database columns
<notextile>
<pre><code>~$ <span class="userinput">keepproxy -h</span>
-...
-Usage: keepproxy [-config path/to/keepproxy.yml]
-...
+Usage of keepproxy:
+ -config file
+ Site configuration file (default may be overridden by setting an ARVADOS_CONFIG environment variable) (default "/etc/arvados/config.yml")
+ -dump-config
+ write current configuration to stdout and exit
+[...]
+ -version
+ print version information and exit.
</code></pre>
</notextile>
<notextile>
<pre><code>Clusters:
- zzzzz:
+ <span class="userinput">uuid_prefix</span>:
Services:
<span class="userinput">Keepproxy:
ExternalURL: https://keep.uuid_prefix.your.domain
</span></code></pre>
</notextile>
-h3. Set up the Keepproxy service
-
-Install runit to supervise the keepproxy daemon. {% include 'install_runit' %}
-
-The keepproxy command to run is:
-
-<notextile>
-<pre><code>~$ <span class="userinput">exec keepproxy
-</code></pre>
-</notextile>
-
h3. Set up a reverse proxy with SSL support
Because the Keepproxy is intended for access from anywhere on the internet, it is recommended to use SSL for transport encryption.
EOF</span>
</code></pre></notextile>
+h2. Run Keepproxy
+
+h3. Start the service (option 1: systemd)
+
+If your system does not use systemd, skip this section and follow the "runit instructions":#runit instead.
+
+If your system uses systemd, the keepproxy service should already be set up. Start it and check its status:
+
+<notextile>
+<pre><code>~$ <span class="userinput">sudo systemctl restart keepproxy</span>
+~$ <span class="userinput">sudo systemctl status keepproxy</span>
+● keepproxy.service - Arvados Keep Proxy
+ Loaded: loaded (/lib/systemd/system/keepproxy.service; enabled)
+ Active: active (running) since Tue 2019-07-23 09:33:47 EDT; 3 weeks 1 days ago
+ Docs: https://doc.arvados.org/
+ Main PID: 1150 (Keepproxy)
+ CGroup: /system.slice/keepproxy.service
+ └─1150 /usr/bin/keepproxy
+[...]
+</code></pre>
+</notextile>
+
+h3(#runit). Start the service (option 2: runit)
+
+Install runit to supervise the Keep-web daemon. {% include 'install_runit' %}
+
h3. Testing keepproxy
Log into a host that is on an external network from your private Arvados network. The host should be able to contact your keepproxy server (eg keep.$uuid_prefix.arvadosapi.com), but not your keepstore servers (eg keep[0-9].$uuid_prefix.arvadosapi.com).
func configure(logger log.FieldLogger, args []string) (*arvados.Cluster, error) {
flags := flag.NewFlagSet(args[0], flag.ExitOnError)
- flags.Usage = usage
dumpConfig := flags.Bool("dump-config", false, "write current configuration to stdout and exit")
getVersion := flags.Bool("version", false, "Print version information and exit.")
+++ /dev/null
-// Copyright (C) The Arvados Authors. All rights reserved.
-//
-// SPDX-License-Identifier: AGPL-3.0
-
-package main
-
-import (
- "fmt"
- "os"
-)
-
-func usage() {
- fmt.Fprintf(os.Stderr, `
-Keepproxy forwards GET and PUT requests to keepstore servers. See
-http://doc.arvados.org/install/install-keepproxy.html
-
-Usage: keepproxy [-config path/to/keepproxy.yml]
-
-DEPRECATION WARNING: The -config parameter is deprecated. Use the
-cluster config instead.
-
-`)
-}